gitlab-com-seaweedfs/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2024-01-19 02:48:24 +00:00
Code Issues Projects Releases Wiki Activity

Added note for usage of existing certificates

Rene Rath 2023-03-27 09:57:55 +02:00
parent e6fc416461
commit 715fa8ba25
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Security-Configuration.md

@ -157,3 +157,9 @@ Java gRPC uses Netty's SslContext. From https://netty.io/wiki/sslcontextbuilder-
> For example to convert a non-encrypted PKCS1 key to PKCS8 you would use: > For example to convert a non-encrypted PKCS1 key to PKCS8 you would use:
> >
> openssl pkcs8 -topk8 -nocrypt -in pkcs1_key_file -out pkcs8_key.pem > openssl pkcs8 -topk8 -nocrypt -in pkcs1_key_file -out pkcs8_key.pem
### Existing certificates
If you are using existing certificates: make sure they all have the **Extended Key Usage** 'TLS Web Server Authentication' AND 'TLS Web Client Authentication' set - as grpc uses them for both use-cases!
Else you will see those errors: `error reading server preface: remote error: tls: bad certificate`